Login Directly to Expert Mode

See What Traffic Was Dropped But Not Logged

fw ctl zdebug + drop | grep <host ip or port number>

Allow admin user to scp files to the SPLAT box:

    grep admin /etc/scpusers | wc -l

If 0, then do this:

    echo admin >> /etc/scpusers

Any user can be substituted for admin.

WinSCP users: In order to use WinSCP, you must also issue the following to change admin's shell to bash:

    chsh -s /bin/bash admin

Note: This is a security risk as this bypasses cpshell for this user. Use with caution.
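The grep check above also counts a line such as "sysadmin" as a hit for admin, so the user may never get added. The following is an added example, not part of the original tip: it matches whole lines only and is safe to run repeatedly. The SCPUSERS variable and the function names are assumptions introduced here.

```shell
# Added example: idempotently allow a user to scp, matching whole lines only.
# SCPUSERS defaults to the path from the tip; override it to try this on a copy.
SCPUSERS="${SCPUSERS:-/etc/scpusers}"

# Exit 0 if user $1 is listed exactly, on a line of its own.
scp_allowed() {
    [ -f "$SCPUSERS" ] && grep -qxF -- "$1" "$SCPUSERS"
}

# Append user $1 unless it is already listed; reject odd names so that
# nothing unexpected ends up in the file.
scp_allow() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "refusing user name: $1" >&2
            return 2
            ;;
    esac
    if scp_allowed "$1"; then
        return 0
    fi
    echo "$1" >> "$SCPUSERS"
}
```

Usage on the box: scp_allow admin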

Run a command from the shell repetitively

Repeat a particular command until <ctrl-C>:

    watch --interval=5 <commands>

Note: output cannot be redirected to a file. To have more flexibility use:

    while true; do
        sleep 5
        <commands>
    done

All commands should be followed by a Carriage Return. Example commands could be:

    ls -lh *.elg
    cpwd_admin list
    echo >> ~/routes.txt ; zdump utc >> ~/routes.txt; netstat -rn >> ~/routes.txt

Redirection of output is fully supported.

Ethtool and mii-tool commands can be put at the end of /etc/rc.local startup script to survive a reboot. Please note the Gigabit Ethernet standard requires the use of autonegotiation to establish the master-slave signal timing control required to make the link operational. Do not use these commands to disable autonegotiation for Gigabit links.

Conflicts Between SNX/VM, SmartPortal and SPLAT WebUI

SNX and Visitor Mode conflict with the default SPLAT admin GUI port of 443. To remedy:

    webui enable 445    (moves it to 445)

or, for better security:

    webui disable

Find out the features of a SKU per whatever cp.macro is on your SPLAT box

    cplic resolve_macro ::CPVP-VSI-100-NGX

Use this command to compare features of two SKUs:

    cplic resolve_macro ::CPVP-VSI-100-NGX > VSI
    cplic resolve_macro ::CPVP-VMC-100-NGX > VMC
    diff VSI VMC

Some Performance Commands

(verify how IRQs are being balanced across CPUs)

About Connecting SPLAT to a Terminal Server

Say you connect to the serial port via a network console server. Basically, you telnet to the server on the numbered port that you wish to connect to. This numbered port has an RJ45 connection to a serial adapter on the device serial port. Some terminal servers default to vt100 terminal emulation mode. SPLAT installation takes place in ANSI terminal mode. This mismatch causes the server to receive a string of characters that it does not understand. Once you change the mode to ANSI on the console server (and the client software - HyperTerminal) we were able to see the boot menu correctly. With --silent enabled (as it is by default) in /etc/grub.conf, you don't see the full boot menu unless you hit a key.

Compute a File Integrity Checksum

    md5sum <filename>
    sha1sum <filename>

Useful Commands for Identifying Versions

    kernelversion
    uname -a
    ver
    fw ver
    cpshared_version

Watch Appended Data to a Log File (or any file) on the Fly

    tail -f /var/log/messages

Create a Text File from the Command line Quick and Dirty

    cat > myfile
    (type a line)
    (type a line)
    (etc.)
    EOF (Hit Ctrl-D)

Useful Networking Commands

    ifconfig -a
    netstat -rn      (route)
    netstat -i       (interface errors)
    netstat -an      (all stats, but do not resolve service names)
    netstat -antp    (which processes listening on which ports)

Mount a CD-ROM

    mount /dev/cdrom
    cd /mnt/cdrom

When you are done:

    umount /dev/cdrom

Note: You can't eject the CD-ROM until you umount it.

Mounting an ISO from the local filesystem

    mount -t iso9660 -o loop ~/singlecd.iso /mnt/cdrom

Singlecd.iso assumed to be in the home directory ~/.

Mount a USB drive in SPLAT

    modprobe usb-storage                Load the module for usb mass storage (once per re-boot)
    (Plug in the USB key)
    dmesg | more                        Look in dmesg for the device node to mount from (likely to be SDB1 or SDD1)
    mount -t vfat /dev/sdb1 /mnt/usb    Mount the volume (/dev/whatever designation from above)
    (Copy files to or from /mnt/usb)
    umount /mnt/usb                     Unmount when finished

File Types and Execution Path Checking

    which cpstop           (which cpstop will be executed based on the shell path)
    file cpstop            (what kind of file is cpstop: script? compiled executable?)
    file `which cpstop`    (use command substitution to combine the two commands)
    basename filename      (strip the path off of a filename)

Determine the NIC driver version you are using:

See What Files Changed During any Operation

Investigate Check Point Configuration from the Command Line

    $CPDIR/bin/cpprod_util -?
    cpwd_admin list

Using cpinfo to Re-create a SmartCenter (not supported)

You can do this partially. The cpinfo should have a copy of most of the files in the conf directory. Infoview will let you drag files from it onto a folder on your machine. What I do is take these files:

    objects_5_0.C
    rulebases_5_0.fws
    fwauth.NDB
    *.W
    (maybe asm.c if necessary)

Put them on a machine that has the same IP and hostname as the original management server, overwriting the existing files in $FWDIR/conf. Remove $FWDIR/conf/applications.* and $FWDIR/conf/CPMILinks* (this is important or else it will not work) and then cpstop;cpstart and you should be able to login and have the objects and rules and users from the old management server. This method does not preserve the SIC database, however, so you'll have to reset SIC on any modules you have. I don't think that the cpinfo contains enough info to save the SIC database, but not sure since I haven't really tried to do it before.

Recovering a Forgotten SPLAT Password

1. If you know the Expert Mode password, but not any of the user passwords, go to Maintenance Mode. The Expert Mode password is also used to access Maintenance Mode. Once in Maintenance Mode, issue the cpshell command. Use the adduser command to create a new user, whose password is known. If you don't have the option of creating a new user, you're probably stuck following the steps for when you know neither the Standard Mode nor the Expert Mode password (see #3 below).

2. If you know a user's Standard Mode password, but you've forgotten the Expert Mode password, things get a little trickier, but not too bad. I used a bootable Linux distro (tested with Knoppix & F.I.R.E.).

   a) boot to CD
   b) mount the hard disk ( mount /dev/hda2 /mnt/hda2 )
   c) edit the SecurePlatform passwd file - change the user's default shell from cpshell to bash (see tip above)
   d) boot to SecurePlatform & login with the user you just modified; you get a bash prompt
   e) use the passwd command to change the Expert Mode password
   f) edit passwd & change the user's default shell back to cpshell

   I tested this using a special user created for the test and also with admin. No problems either way.

3. If you don't know the Standard Mode password and you don't know the Expert Mode password, things are even trickier, but you can still get in. You'll need access to another SecurePlatform installation and a bootable Linux distro for this one.

   a) go to a SecurePlatform box where you know the passwords
   b) copy the /etc/passwd and /etc/shadow files to a floppy
   c) go to the SecurePlatform machine where you don't know the passwords and boot to your bootable Linux CD
   d) mount the hard disk and the floppy with passwd and shadow files
   e) move the existing passwd and shadow files to .old
   f) copy the passwd and shadow files from the floppy to your SecurePlatform machine
   g) edit passwd and change the user's default shell from cpshell to bash
   h) boot to SecurePlatform and login using the user you just modified; you get a bash prompt. You may also get an error message if the user doesn't have a home directory - you should still be able to login
   i) use the passwd command to change the Expert Mode password
   j) edit /etc/passwd & change the user's default shell back to cpshell

   I also changed the permissions on passwd & shadow to match their original permissions. For passwd, the original permissions were 644. For shadow, the original permissions were 400.

Additional Notes for HP/Compaq:

"The Compaq/HP servers use the Smart Array 5i controller which uses the cciss driver. It was loading, but not seeing any drives. Also, the CD ROM was stalling during load as it was trying to load as a SCSI device, and it was not on the controller. Here is what I had to do:

Boot Knoppix by entering

    boot:knoppix26 atapicd

Once the system was up:

    cd /dev
    MAKEDEV cciss    (caps needed)

and it created like 100 objects under /dev/cciss

Mounted the drive with

    mount -o rw /dev/cciss/c0d0p3 /mnt/tmp

It appears that c0d0p1 (partition 1) is the boot partition, c0d0p2 (partition 2) is the swap space, and c0d0p3 (partition 3) is the application drive."
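After a recovery like the ones above (or after the WinSCP tip earlier), it is easy to leave an account on bash, leave loose permissions, or leave the .old copies lying around. The following check is an added example, not part of the original procedure. ETC_DIR, the function names, and the assumption that the .old files sit next to the originals as passwd.old and shadow.old are introduced here.

```shell
# Added example. ETC_DIR is an assumption so the checks can be pointed at a
# mounted disk or a test copy instead of the live /etc.
ETC_DIR="${ETC_DIR:-/etc}"

# Accounts whose login shell is bash, i.e. cpshell is bypassed for them.
bash_shell_users() {
    awk -F: '$7 ~ /(^|\/)bash$/ { print $1 }' "$ETC_DIR/passwd"
}

# Compare a file's octal mode with the expected one (uses GNU stat).
check_mode() {
    actual=$(stat -c %a "$1") || return 2
    if [ "$actual" != "$2" ]; then
        echo "$1: mode $actual, expected $2"
        return 1
    fi
}

# Return 0 only if the modes match the originals quoted above (644 / 400),
# no account is left on bash, and no .old copy remains (assumed file names).
audit_recovery() {
    rc=0
    check_mode "$ETC_DIR/passwd" 644 || rc=1
    check_mode "$ETC_DIR/shadow" 400 || rc=1
    for u in $(bash_shell_users); do
        echo "login shell is bash, not cpshell: $u"
        rc=1
    done
    for f in passwd.old shadow.old; do
        if [ -e "$ETC_DIR/$f" ]; then
            echo "leftover file: $ETC_DIR/$f"
            rc=1
        fi
    done
    return "$rc"
}
```

Run audit_recovery as root once the box is back in service; any account that is meant to stay on bash will also be listed and needs a manual decision.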

BONUS: Recovering a Forgotten IPSO Password

Recovering a lost Nokia password: You must have local serial console access to the unit to perform this procedure.

1. Boot system into single user mode. To do this, reboot or power cycle the machine. When you see the line " boot: " you must enter "-s" before it goes into multiuser mode (you have about 10 seconds).
   * on an ip330 or ip650 you need to type boot -s at the BOOTMGR prompt *

2. After it boots, it will ask you "Enter pathname of shell or RETURN for sh:", press Enter key.

3. Type "/etc/overpw" in the # prompt. It will ask if you want to continue, type "y".

   In IPSO 3.1.3 systems and earlier, it will ask you to put a floppy disk into the floppy drive to make sure you have physical access to the box. Put a floppy disk into the floppy drive and press Enter key. IPSO 3.1.4 and later does not ask this question. In IPSO 3.4 and above, /etc/overpw will ask you to set a password. The admin password defaults to no password in earlier versions of IPSO.

4. Continue to boot to multiuser mode.

5. Login as admin. If a password is required, you will be asked for one.

6. Use the dbpasswd command to set a new password:

nokia[admin]# dbpasswd admin newpassword ""


(Note that the "" is necessary to specify (NULL) as the old password.) Then, save this new password to the configuration file so that you can log into Network Voyager:

nokia[admin]# dbset :save